Effective Date: August 4, 2025

Eveloff Consulting (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, share, and protect personal information in our capacity as a consultant, service provider, and business. It also explains your rights regarding your information under California law.

By interacting with us or using our services, you agree to the terms of this Privacy Policy.

1. Our Role in Data Processing

Our role depends on our relationship with you:

  • As a “Business” (under CCPA/CPRA): When we collect your personal information for our own purposes (e.g., when you contact us for an inquiry or we manage our own client relationships), we are considered a “Business.”
  • As a “Service Provider” or “Processor” (under CCPA/CPRA): When we handle personal information on behalf of our clients (e.g., managing a client’s database, providing a SaaS platform, or operating an ALPR system), we act as a “Service Provider.” In these cases, our client is the “Business,” and our processing is governed by our agreement with them.

2. Information We Collect

We collect different types of personal information depending on the services provided.

A. Information You Provide Directly to Us:

  • Contact Information: Name, email address, phone number, and physical address.
  • Communications: The contents of your emails, SMS messages, or other communications with us.
  • Client Information: Information shared in the course of a consulting engagement, which is governed by the confidentiality provisions of our consulting agreement.

B. Information We Process on Behalf of Our Clients (as a Service Provider):

  • Automated License Plate Reader (ALPR) Data: When providing ALPR services to clients, we collect license plate numbers, vehicle images, and the associated date, time, and location of the scan. This is considered Sensitive Personal Information under California law. See Section 8 for our detailed ALPR Policy.
  • Nonprofit Contribution Portal Data: When providing SaaS access to our nonprofit contribution portal, we process information on behalf of our nonprofit clients. This may include donor names, contact information, project details, and records of contributions, such as donation amount, date, and a transaction identifier from the payment processor.
  • Product Fulfillment Portal Data: When providing SaaS fulfillment services for programs distributing free products or services, we process information on behalf of the client running the program. This can include registration and eligibility information (e.g., name, address, email), product or service selection, fulfillment details, and user-provided consents or preferences.
  • Hosted Website and Database Information: We may store and maintain personal information collected through websites we host or databases we manage for our clients. The types of information are determined by our client.

3. Information We Do Not Collect

To build trust and ensure data minimization, we want to be clear about what we do not collect:

  • Full Payment Information: When donations are made through our clients’ portals, they are processed by a third-party payment processor (e.g., Square, PayPal Giving Fund). We do not collect, receive, or store full payment card numbers, CVV codes, or bank account information.
  • ALPR-Derived Personal Data: Our ALPR systems are not designed to and do not identify or collect information about the driver or occupants of a vehicle. We do not track travel patterns or link license plates to personal identities, except as may occur during a specific, client-authorized investigation.
  • SaaS Portal Data for Our Use: We do not access, use, or share the data within our clients’ SaaS portals (for nonprofits or fulfillment) for our own marketing or business purposes. Our access is limited to that which is necessary for system maintenance and support.
  • Device-Specific Data: For any hardware we may help procure for a client (e.g., security cameras), we do not collect device serial numbers, IP/MAC addresses, user account information (usernames/passwords), or any audio/video data generated by those devices.

4. How We Use Your Information (Purpose of Collection)

  • To Provide Services: To respond to inquiries, provide consulting services, and operate and maintain ALPR systems, SaaS platforms, websites, and databases as directed by our clients.
  • For ALPR System Operation: ALPR data is used exclusively for the purposes defined in our client agreement, such as traffic analysis, parking enforcement, access control, or investigating security incidents.
  • For SaaS Portal Operation: Data within our SaaS platforms is processed solely to facilitate the functionality of the portal for our clients as specified in our SaaS agreement. This includes maintaining contribution records for nonprofits or managing registration, eligibility, and logistics for product fulfillment programs.
  • To Communicate With You: To send administrative information, client updates, community alerts, and respond to your requests.
  • For Legal and Security Purposes: To comply with legal obligations, respond to lawful requests, enforce our agreements, and protect against fraudulent or malicious activity.

5. Data Sharing and Disclosure

We do not sell your personal information. We only share personal information as described below:

  • With Our Clients: As a Service Provider, we share the data we process with the client on whose behalf we collected it. That client’s privacy policy governs their use of the data.
  • With Payment Processors: To process a donation or payment through a SaaS portal, we transmit your contribution details securely to a third-party payment processor. This transaction is subject to the processor’s terms and privacy policy.
  • With Subcontractors and Service Providers: We may share information with trusted third parties who perform services on our behalf (e.g., legal advisors, cloud storage providers). These providers are bound by contractual obligations to keep information confidential and use it only for our specified purposes.
  • With Law Enforcement: Please see Section 8 for detailed information on law enforcement access to ALPR data. For other data, we disclose information only in response to a warrant, subpoena, or other valid legal process.
  • For Legal Reasons: We may disclose information if required by law or in the good faith belief that such action is necessary to protect our rights, property, or safety.

6. Data Security and Storage

We implement reasonable administrative, technical, and physical security measures, including:

  • End-to-end encryption for sensitive data in transit and at rest.
  • Storing data on firewalled servers and in secure cloud environments provided by major, reputable vendors. We rely on the security protocols and certifications of these underlying providers.
  • Restricting internal access to personal information to authorized personnel with a legitimate need to know.
  • Maintaining access logs and conducting regular audits for sensitive systems.

7. Data Retention

  • ALPR Data: In compliance with California law, ALPR data is retained for a short period, typically no longer than 60 days, unless it is part of a documented, active investigation and must be preserved by law or at the client’s formal request.
  • SaaS Portal Data: Data within our SaaS platforms is retained for the duration specified in the SaaS agreement with our client.
  • Client Engagement Data: Information related to a consulting engagement is retained for at least three years after the conclusion of the engagement, for legal, tax, and record-keeping purposes.
  • Client Communications: Emails and other communications with clients may be retained indefinitely to preserve a record of business communications and decisions.

8. Automated License Plate Reader (ALPR) System Policy

This policy section is designed to ensure transparency and compliance with California Civil Code §§ 1798.90.5 – 1798.90.55 (SB 34).

  • A. Definitions
    • ALPR Technology: A searchable computerized system that captures images of license plates and converts them into data using optical character recognition.
    • ALPR Information: Includes the digital image, license plate number, time stamp, and geographic location associated with a scan.
  • B. Purpose of Use The ALPR system is deployed strictly for the purposes outlined in our written agreement with each client. These purposes are limited and may include analyzing traffic patterns, managing access to private property, enforcing community rules (e.g., parking), or assisting in the investigation of specific security incidents.
  • C. Law Enforcement Access and Disclosure
    • ALPR data is not automatically or proactively shared with law enforcement. The system is not connected to any government or law enforcement database.
    • Law enforcement agencies may not directly access or search the ALPR database.
    • We will only consider requests for ALPR data from law enforcement agencies if the request is in the form of a warrant, subpoena, or other valid legal process.
    • Each request will be reviewed to ensure its validity. We may deny a request that is overly broad or does not comply with legal requirements.
  • D. Individual Access Requests You may request to know if we have collected ALPR information about your vehicle. Your verifiable request must be sent to Privacy@Eveloff.net and include:
    • Your full name and contact information.
    • The license plate number in question.
    • The approximate date, time, and location of travel.
    • Sufficient proof of vehicle ownership or lawful control (e.g., a copy of vehicle registration).

9. Your California Privacy Rights (CCPA/CPRA)

As a California resident, you have specific rights regarding your personal information.

  • Right to Know and Access: You have the right to request that we disclose what personal information we collect, use, and disclose about you.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request the correction of any inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit the use of your sensitive personal information (like ALPR data).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

How to Exercise Your Rights: To exercise these rights, please submit a verifiable request to us by emailing: Privacy@Eveloff.net.

For Data Processed as a Service Provider: If your request pertains to data we process on behalf of a client (e.g., your donor information in a nonprofit’s portal, your registration details for a product fulfillment program, or ALPR data from your HOA), you should direct your request to that organization (the “Business”). We will assist our clients in responding to such requests as required by law and our contracts.

10. Cookies and Website Usage

Our website does not currently use cookies for tracking. If this changes, this policy will be updated, and users will be provided with notice and opt-out options as required by law.

11. Data from Minors

We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have inadvertently collected such information, we will delete it promptly.

12. SMS Terms & Conditions

By opting into or sending SMS messages to us, you agree to our SMS terms.

  • Purpose: You may receive messages for community updates, client-related notifications, alerts, and account notifications.
  • Rates: Message and data rates may apply.
  • Opt-Out: You can opt out at any time by texting STOP.
  • Help: For assistance, text HELP or visit our website. By using our SMS service, you confirm you are the authorized user of the mobile device and are at least 18 years old or have parental/guardian consent.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal or regulatory reasons. We will post the updated policy on our website and indicate the new effective date.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Michael Eveloff Consulting Email: Privacy@Eveloff.net Website: https://consulting.eveloff.net